Controllability for Nondeterministic Finite Automata with Variables Jasen Markovski Department of Mechanical Engineering, Eindhoven University of Technology, Den Dolech 2, 5612MH, Eindhoven, The Netherlands Keywords: Supervisory Control Theory, Controllability, Finite Automata with Variables, Partial Bisimulation. Abstract: Supervisory control theory deals with automated synthesis of models of supervisory controllers that ensure safe coordinated discrete-event behavior of a given system. To increase the expressivity of the framework and provide for a greater modeling convenience, several extensions with variables have been proposed. One of the most prominent such extensions is implemented by means of extended finite automata with variables. We revisit the notion of controllability for nondeterministic finite automata with variables, which defines conditions under which a model of a supervisory controller can be synthesized. We will show that the existing notion of controllability for extended finite automata does not have desirable algebraic properties, i.e., it is not a preorder. We propose to employ an extension of controllability for nondeterministic discrete-event system based on a behavioral relation termed partial bisimulation, which we show that subsumes the existing notion of controllability for extended finite automata. 1 INTRODUCTION chronizing processes in line with (Ramadge and Won- ham, 1987; Cassandras and Lafortune, 2004). The Development of quality control software is becom- model of the uncontrolled system is typically referred ing an increasingly difficult task due to high com- to as plant and it is restricted by the model of the su- plexity of high-tech systems, promoting the former as pervisory controller, which referred to as supervisor. an important bottleneck in the design and production The coupling of the supervisor and the plant, results process as already noted in (Leveson, 1990). Tradi- in the supervised plant, which models the supervisory tional techniques are not able to satisfactorily cope control loop, i.e., it specifies the behavior of the con- with the challenge due to the frequent design changes trolled system. in the control requirements, which gave rise to super- Traditionally, the activities of the machine are visory control theory of discrete-event systems postu- modeled as discrete events, whereas the supervisor lated in (Ramadge and Wonham, 1987; Cassandras is a process that synchronizes with the plant. The and Lafortune, 2004). Supervisory control theory supervisor can enable or disable available events in studies automatic synthesis of models of supervisory the plant by synchronizing or not synchronizing with control software that provide for safe and nonblock- them, respectively. The events are split into control- ing behavior of the controlled system by coordinating high-level discrete-event behavior of the concurrent system components. User Supervisory controllers rely on discrete-event ob- Supervisory servations made regarding the discrete-event system Coordinating Processing Tasks control behavior by using sensory information, as depicted in Figure 1. Based upon the observed signals, these con- Resource Driving Conditioning trollers decide which activities are allowed to be car- control ried out safely and do not lead to potentially danger- Resources ous or otherwise undesired situations, and send back Transducers Actuators Sensors control signals to the hardware actuators. Under the assumption that the supervisory controller can react sufficiently fast on machine input, one can model this Main structure supervisory control feedback loop as a pair of syn- Figure 1: Supervisory control architecture. 438 Markovski J.. Controllability for Nondeterministic Finite Automata with Variables. DOI: 10.5220/0004430604380446 In Proceedings of the 8th International Joint Conference on Software Technologies (ICSOFT-PT-2013), pages 438-446 ISBN: 978-989-8565-68-6 Copyright c 2013 SCITEPRESS (Science and Technology Publications, Lda.) ControllabilityforNondeterministicFiniteAutomatawithVariables of resource and supervisory control is unified, e.g., by employing shared variables or publisher/subscriber services, which is typical for implementations in the artificial intelligence domain. The event-based ap- proach suggests direct observation of activities of the system, which are typically triggered by the system to be supervised, relying on some input/output inter- Figure 2: Supervisory control feedback loop with data- face. The extensions of supervisory control theory based observations. with variables and data aim at a two-fold improve- ment: more concise specification due to parametriza- lable and uncontrollable events, the former typically tion of the systems, as suggested in (Chen and Lin, modeling interaction with actuators, whereas the lat- 2000; Miremadi et al., 2008) and greater expressive- ter model observation of sensory information. There- ness and modeling convenience, as shown in (Skold- fore, the supervisor is allowed to disable controllable stam et al., 2007; Gaudin and Deussen, 2007). The events, e.g., if the boiler pressure is above the safe extensions range over the most prominent models threshold, then the heater should be switched off, but of discrete-event systems like finite-state machines it is not allowed to disable any available uncontrol- developed in (Chen and Lin, 2000), labeled transi- lable events, e.g., by ignoring the pressure sensor of tion systems, considered in (Markovski, 2012b), and the boiler, one reaches a potentially dangerous situa- automata extensions, provided in (Skoldstam et al., tion. 2007; Gaudin and Deussen, 2007). Additionally, the supervised plant must also sat- With the development of new models, the origi- isfy a given set of control requirements, which model nal notion of controllability for deterministic discrete- the safe or allowed behavior of the machine. Fur- event systems of (Ramadge and Wonham, 1987; Cas- thermore, it is typically required that the supervised sandras and Lafortune, 2004) is subsequently ex- plant is nonblocking, meaning that it comprises no tended to the corresponding settings with variables deadlock and no livelock behavior. To this end, ev- and data parameters. We note that the controllabil- ery state is required to be able to reach a so-called ity is originally defined as a language-based prop- marked or final state, following the notation of (Ra- erty and, thus, meant for deterministic discrete-event madge and Wonham, 1987; Cassandras and Lafor- systems. Extensions of controllability for parame- tune, 2004), which denotes the situation that the plant terized languages are proposed in (Chen and Lin, is considered to have successfully completed its ex- 2000; Gaudin and Deussen, 2007). For nonde- ecution. The conditions that define the existence of terministic discrete-event systems, there are several such a supervisor are referred to as (nonblocking) proposed notions, relying on commonly observed controllability conditions. In the setting of this paper traces in (Fabian and Lennartson, 1996; Zhou et al., we will not consider in detail the process of modeling 2006), failure semantics in (Overkamp, 1997), or and ensuring that the (nonblocking) control require- (bi)simulation semantics in (Baeten et al., 2011b). ments hold for the given plant and, instead we refer For nondeterministic extended finite automata with the reader to the model-based engineering framework variables, introduced in (Skoldstam et al., 2007), of (Schiffelers et al., 2009; Markovski et al., 2010). the proposed notion of so-called state controllabil- Depending on the observational power of the su- ity of (Miremadi et al., 2008) relies on an exten- pervisor, we deal with event-based supervision, stud- sion of the work of (Fabian and Lennartson, 1996). ied in (Ramadge and Wonham, 1987), state-based Both works of (Overkamp, 1997) and (Baeten et al., supervision as studied in (Ma and Wonham, 2005; 2011b) rely on preorder behavioral relations to for- Markovski et al., 2010), or data-based supervision mulate the notion of controllability, the former rely- along the lines of (Miremadi et al., 2008; Markovski, ing on failure-trace semantics, whereas the latter is 2012b), respectively. The first approach relies on (bi)simulation-based. Even though, it has been argued building a history of observed events to deduce the that refinements based on these two types of seman- state of the system as suggested in (Cassandras and tics have similar properties, cf. (Eshuis and Fokkinga, Lafortune, 2004), whereas the second and the third 2002), (bi)simulation-based refinements are finer no- approaches employ observers and guards that directly tions that are supported by more efficient algorithms, convey the state of the system to the supervisor in the like (Markovski, 2012a), which have already been vein of (Ma and Wonham, 2005; Markovski, 2012b), employed in a supervisory control setting (Barrett and as depicted in Figure 2. With respect to the control Lafortune, 1998). architecture of Figure 1, the second and the third ap- To capture the notion of controllability, we rely proach suggest that the interface between the layers 439 ICSOFT2013-8thInternationalJointConferenceonSoftwareTechnologies α ′ ′ α a ′ ′ ′ eδ( ((s,a,s ),X)), if ((s,a,s ),X) ∈ D( ) s −→ s , vδ(γ(s,a,s )) = T, δ (X)= δ(X), otherwise a (s,δ) −→ (s′,δ′) Figure 3: Operational semantics of finite automata with variables on a behavioral preorder termed partial bisimulation, B(V ) we denote Boolean expression over the set